panic: kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 716 Stopped at db_enter+0x18: addq $0x8,%rsp TID PID UID PRFLAGS PFLAGS CPU COMMAND *438052 25653 0 0x14000 0x40000200 0 softclock db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e5265,ffffffff82200e56,2cc,ffffffff8216c9b5) at __assert+0x2b sys/kern/subr_prf.c:154 arptfree(fffffd802e3d5af8) at arptfree+0xfb sys/netinet/if_ether.c:716 arptimer(ffffffff825366f0) at arptimer+0x95 sys/netinet/if_ether.c:120 softclock_thread(ffff8000ffffeed0) at softclock_thread+0x145 timeout_run sys/kern/kern_timeout.c:475 [inline] softclock_thread(ffff8000ffffeed0) at softclock_thread+0x145 sys/kern/kern_timeout.c:552 end trace frame: 0x0, count: 9 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic kernel diagnostic assertion "ifp != NULL" failed: file "/syzkaller/managers/main/kernel/sys/netinet/if_ether.c", line 716 ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 __assert(ffffffff821e5265,ffffffff82200e56,2cc,ffffffff8216c9b5) at __assert+0x2b sys/kern/subr_prf.c:154 arptfree(fffffd802e3d5af8) at arptfree+0xfb sys/netinet/if_ether.c:716 arptimer(ffffffff825366f0) at arptimer+0x95 sys/netinet/if_ether.c:120 softclock_thread(ffff8000ffffeed0) at softclock_thread+0x145 timeout_run sys/kern/kern_timeout.c:475 [inline] softclock_thread(ffff8000ffffeed0) at softclock_thread+0x145 sys/kern/kern_timeout.c:552 end trace frame: 0x0, count: -6 ddb> show registers rdi 0 rsi 0x1 rbp 0xffff800014811ed0 rbx 0xffff800014811f80 rdx 0x2 rcx 0 rax 0 r8 0xffff800014811e90 r9 0x1 r10 0 r11 0x2b45be980f886790 r12 0x3000000008 r13 0xffff800014811ee0 r14 0x100 r15 0x1 rip 0xffffffff81c0cb78 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff800014811ec0 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (softclock) pid=438052 stat=onproc flags process=14000 proc=40000200 pri=0, usrpri=50, nice=20 forw=0xffffffffffffffff, list=0xffff8000fffff3c0,0xffff8000ffffec68 process=0xffff8000ffffc000 user=0xffff80001480d000, vmspace=0xffffffff825637d0 estcpu=0, cpticks=1, pctcpu=0.0 user=0, sys=1, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 89562 41611 21566 0 2 0x480 syz-executor.1 89562 285746 21566 0 3 0x4000080 kqread syz-executor.1 89562 15660 21566 0 3 0x4000080 fsleep syz-executor.1 21566 138814 47910 0 2 0x482 syz-executor.1 37284 514678 47910 0 3 0x82 piperd syz-executor.0 73184 227068 0 0 3 0x14200 bored sosplice 47910 517252 90312 0 3 0x82 thrsleep syz-fuzzer 47910 259252 90312 0 3 0x4000082 thrsleep syz-fuzzer 47910 193079 90312 0 3 0x4000082 kqread syz-fuzzer 47910 501673 90312 0 3 0x4000082 thrsleep syz-fuzzer 47910 179927 90312 0 3 0x4000082 thrsleep syz-fuzzer 47910 337712 90312 0 3 0x4000082 thrsleep syz-fuzzer 47910 111484 90312 0 3 0x4000082 thrsleep syz-fuzzer 90312 362993 16496 0 3 0x10008a pause ksh 16496 29230 68307 0 3 0x92 select sshd 27854 180803 1 0 3 0x100083 ttyin getty 68307 2982 1 0 3 0x80 select sshd 88790 173946 21984 73 3 0x100090 kqread syslogd 21984 327957 1 0 3 0x100082 netio syslogd 33714 376739 1 77 3 0x100090 poll dhclient 75814 164537 1 0 3 0x80 poll dhclient 5476 318281 0 0 3 0x14200 pgzero zerothread 19064 188324 0 0 3 0x14200 aiodoned aiodoned 11470 73489 0 0 3 0x14200 syncer update 50128 336976 0 0 3 0x14200 cleaner cleaner 79835 512765 0 0 3 0x14200 reaper reaper 9478 500626 0 0 3 0x14200 pgdaemon pagedaemon 2398 486361 0 0 3 0x14200 bored crynlk 60172 464098 0 0 3 0x14200 bored crypto 91061 399521 0 0 3 0x40014200 acpi0 acpi0 45617 57414 0 0 3 0x14200 bored softnet 78209 340722 0 0 3 0x14200 bored systqmp 70913 298056 0 0 3 0x14200 bored systq *25653 438052 0 0 7 0x40014200 softclock 61313 346684 0 0 3 0x40014200 idle0 39603 468427 0 0 3 0x14200 bored smr 1 15246 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim devbuf 9579 6368K 7370K 78643K 19127 0 0 pcb 14 13K 14K 78643K 1091 0 0 rtable 105 8K 9K 78643K 2009 0 0 ifaddr 82 17K 18K 78643K 433 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 259 0 0 iov 0 0K 28K 78643K 1488 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1208 76K 77K 78643K 5032 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 52 0 0 VM map 30 7K 7K 78643K 48 0 0 sem 12 0K 1K 78643K 533 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 5 13K 25K 78643K 2985 0 0 sigio 0 0K 0K 78643K 46 0 0 proc 49 38K 63K 78643K 1320 0 0 subproc 32 2K 2K 78643K 289 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 2 0K 0K 78643K 295 0 0 in_multi 19 1K 2K 78643K 317 0 0 ether_multi 1 0K 0K 78643K 22 0 0 mrt 0 0K 0K 78643K 8 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 96 424K 424K 78643K 96 0 0 exec 0 0K 1K 78643K 747 0 0 pfkey data 0 0K 4K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 150 250K 250K 78643K 8284 0 0 UVM aobj 130 8K 8K 78643K 169 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 1 0K 1K 78643K 1018 0 0 NDP 20 0K 0K 78643K 144 0 0 temp 226 3544K 3672K 78643K 137050 0 0 kqueue 0 0K 0K 78643K 32 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 106 0 99 1 0 1 1 0 8 0 rtpcb 80 288 0 286 1 0 1 1 0 8 0 rtentry 112 439 0 401 2 0 2 2 0 8 0 unpcb 120 1494 0 1484 3 2 1 2 0 8 0 syncache 264 21 0 21 7 7 0 1 0 8 0 tcpqe 32 126 0 126 6 6 0 1 0 8 0 tcpcb 544 2268 0 2264 60 51 9 16 0 8 8 ipq 40 30 0 29 8 7 1 1 0 8 0 ipqe 40 621 0 620 8 7 1 1 0 8 0 inpcb 280 5112 0 5103 46 37 9 13 0 8 8 rttmr 72 2 0 2 2 2 0 1 0 8 0 ip6q 72 1 0 1 1 1 0 1 0 8 0 nd6 48 43 0 42 3 2 1 1 0 8 0 pkpcb 40 7 0 7 3 3 0 1 0 8 0 swfcl 56 2 0 0 1 0 1 1 0 8 0 ppxss 1128 39 0 39 14 13 1 1 0 8 1 art_heap8 4096 19 0 18 7 4 3 3 0 8 2 art_heap4 256 1553 0 1378 31 16 15 17 0 8 1 art_table 32 1572 0 1396 3 1 2 3 0 8 0 art_node 16 426 0 391 1 0 1 1 0 8 0 semupl 112 6 0 6 1 1 0 1 0 8 0 semapl 112 531 0 521 1 0 1 1 0 8 0 shmpl 112 167 0 39 4 0 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 6844 0 5447 46 0 46 46 0 8 0 ffsino 240 6844 0 5447 83 0 83 83 0 8 0 nchpl 144 11711 0 11251 60 41 19 60 0 8 0 uvmvnodes 72 7233 0 0 132 0 132 132 0 8 0 vnodes 208 7233 0 0 381 0 381 381 0 8 0 namei 1024 44736 0 44736 1 0 1 1 0 8 1 vcpupl 1984 28 0 0 4 0 4 4 0 8 0 vmpool 520 46 0 18 2 0 2 2 0 8 0 scsiplug 64 2 0 2 1 1 0 1 0 8 0 scxspl 192 36991 0 36991 21 20 1 7 0 8 1 plimitpl 152 232 0 225 1 0 1 1 0 8 0 sigapl 432 3111 0 3098 2 0 2 2 0 8 0 futexpl 56 89928 0 89927 1 0 1 1 0 8 0 knotepl 112 854 0 835 2 1 1 2 0 8 0 kqueuepl 104 1549 0 1546 13 9 4 4 0 8 3 pipepl 112 2764 0 2743 9 8 1 2 0 8 0 fdescpl 424 3112 0 3098 2 0 2 2 0 8 0 filepl 120 33787 0 33687 38 27 11 11 0 8 7 lockfpl 104 1208 0 1207 1 0 1 1 0 8 0 lockfspl 48 385 0 384 1 0 1 1 0 8 0 sessionpl 112 32 0 22 1 0 1 1 0 8 0 pgrppl 48 48 0 38 1 0 1 1 0 8 0 ucredpl 96 10132 0 10124 1 0 1 1 0 8 0 zombiepl 144 3100 0 3100 1 0 1 1 0 8 1 processpl 864 3129 0 3100 4 0 4 4 0 8 0 procpl 632 6747 0 6710 4 0 4 4 0 8 0 sosppl 128 26 0 26 8 8 0 1 0 8 0 sockpl 384 6986 0 6965 68 57 11 22 0 8 8 mcl64k 65536 2031 0 2031 168 163 5 64 0 8 5 mcl16k 16384 35 0 35 14 13 1 1 0 8 1 mcl12k 12288 72 0 72 11 10 1 1 0 8 1 mcl9k 9216 69 0 69 9 8 1 1 0 8 1 mcl8k 8192 154 0 154 6 5 1 1 0 8 1 mcl4k 4096 367 0 367 3 2 1 1 0 8 1 mcl2k2 2112 17 0 17 9 9 0 1 0 8 0 mcl2k 2048 73389 0 73342 18 11 7 14 0 8 0 mtagpl 80 179 0 177 2 1 1 1 0 8 0 mbufpl 256 144336 0 144272 136 123 13 37 0 8 8 bufpl 256 20637 0 13404 453 0 453 453 0 8 0 anonpl 16 391215 0 373177 178 89 89 92 0 62 10 amapchunkpl 152 15794 0 15669 47 37 10 15 0 158 4 amappl16 192 18668 0 17618 158 95 63 66 0 8 8 amappl15 184 44 0 44 1 1 0 1 0 8 0 amappl14 176 325 0 322 1 0 1 1 0 8 0 amappl13 168 1105 0 1104 2 1 1 1 0 8 0 amappl12 160 247 0 245 4 3 1 1 0 8 0 amappl11 152 864 0 852 1 0 1 1 0 8 0 amappl10 144 263 0 261 1 0 1 1 0 8 0 amappl9 136 798 0 792 1 0 1 1 0 8 0 amappl8 128 333 0 292 2 0 2 2 0 8 0 amappl7 120 341 0 335 1 0 1 1 0 8 0 amappl6 112 861 0 848 1 0 1 1 0 8 0 amappl5 104 511 0 499 1 0 1 1 0 8 0 amappl4 96 3980 0 3950 1 0 1 1 0 8 0 amappl3 88 574 0 563 1 0 1 1 0 8 0 amappl2 80 23068 0 22996 3 1 2 3 0 8 0 amappl1 72 65189 0 64774 27 18 9 20 0 8 0 amappl 80 7265 0 7213 3 1 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 168 0 39 3 0 3 3 0 8 0 uaddrrnd 24 3158 0 3098 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 3158 0 3098 1 0 1 1 0 8 0 vmmpekpl 168 24120 0 24087 2 0 2 2 0 8 0 vmmpepl 168 380570 0 378385 271 150 121 149 0 357 17 vmsppl 272 3111 0 3098 3 2 1 2 0 8 0 pdppl 4096 6322 0 6260 11 2 9 9 0 8 1 pvpl 32 1028196 0 1007042 383 171 212 285 0 265 34 pmappl 200 3157 0 3116 4 1 3 3 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 999 0 394 21 2 19 20 0 8 0